package wsz.interceptor;

import core.interceptor.Interceptor;
import core.anno.Order;
import core.anno.Security;
import core.utils.Handler;
import wsz.pojo.User;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.lang.reflect.Method;
import java.util.HashMap;
import java.util.Map;

/**
 * 安全校验拦截器
 * 真实情况可以使用：依赖注入访问dao
 * @author wsz
 * @date 2021/10/29 16:20
 **/
@Order(value = 1)
public class SecurityInterceptor implements Interceptor {

    // 需要权限判断的用户
    private Map<String, User> userMap = new HashMap<>();
    public SecurityInterceptor () {
        userMap.put("001", new User(2, "001", "001"));
        userMap.put("002", new User(3, "002", "002"));
    }

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
        System.out.println("SecurityInterceptor-preHandle");
        return securityFlag((Handler) handler, request);
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
        System.out.println("SecurityInterceptor-postHandle");
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler) {
        System.out.println("SecurityInterceptor-afterCompletion");
    }

    private boolean securityFlag(Handler handler, HttpServletRequest req) {
        Object controller = handler.getController();
        Class<?> controllerClass = controller.getClass();
        if (controllerClass.isAnnotationPresent(Security.class)) {
            String userName = req.getParameter("userName");

            Security security = controllerClass.getAnnotation(Security.class);
            String[] passNames = security.value();
            if (passNames != null && passNames.length > 0) {
                boolean passFlag = false;

                for (String name : passNames) {
                    if (name.equals(userName)) {
                        // 可以通过
                        passFlag = true;
                        break;
                    }
                }

                if (!passFlag) {
                    return false;
                }
            }
        }

        Method method = handler.getMethod();
        // TODO 判断方法权限
        if (method.isAnnotationPresent(Security.class)) {
            String userName = req.getParameter("userName");

            Security security = method.getAnnotation(Security.class);
            String[] passNames = security.value();
            if (passNames != null && passNames.length > 0) {
                boolean passFlag = false;

                for (String name : passNames) {
                    if (name.equals(userName)) {
                        // 可以通过
                        passFlag = true;
                        break;
                    }
                }
                if (!passFlag) {
                    return false;
                }
            }
        }
        return true;
    }
}
